Bug 448826 - www-apps/dragonflycms: XSS vulnerability
Summary: www-apps/dragonflycms: XSS vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
: High trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/47999/
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-27 13:04 UTC by MarcoP
Modified: 2016-04-01 03:00 UTC

See Also:
Package list:
Runtime testing required: ---


Description MarcoP 2012-12-27 13:04:21 UTC
www-apps/dragonflycms should be updated, as v9.3.4 addresses the XSS vulnerability as advised in http://secunia.com/advisories/47999/

*dragonflycms-9.3.3.1 (23 Jun 2012)
23 Jun 2012; Matti Bickel (mabi) +dragonflycms-9.3.3.1.ebuild,
-dragonflycms-9.2.1.ebuild:
version bump. remove old b/c of security issues (see
http://secunia.com/advisories/47999/)

Despite the commit details, the issue has just been fixed.

I also noticed pkg_nofetch() using a really old URL; it should point to http://dragonflycms.org/Downloads/details/id=28/

Thanks
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-07 01:57:00 UTC
Thank you for the report.

web-apps: please provide an updated ebuild.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-02-21 10:43:22 UTC
@web-apps, please bump to current version in order to mitigate this vulnerability.  2 years since last request for new ebuild.

@proxy-maint, anyone want to take this on?

@treecleaner, No rdeps so this is a candidate for tree cleaning.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-03-05 07:50:41 UTC
# Aaron Bauman <bman@gentoo.org> (05 Mar 2016)
# Per security bug #448826 this package is vulnerable
# and unmaintained.  Removal in 30 days.
www-apps/dragonflycms